Data providing system and communication apparatus

ABSTRACT

A data providing system includes a first communication apparatus and a plurality of second communication apparatuses that provide data to the first communication apparatus using a communication protocol capable of performing authentication by identification information. The first communication apparatus includes an identification information request sending section, an individual identification information receiving section, a first data request sending section, a first common identification information storage section, a second data request sending section, and a data receiving section. At least one of the second communication apparatuses includes an individual identification information storage section, a second common identification information storage section, an identification information request receiving section, an individual identification information sending section, a data request receiving section, a first data sending section and a second data sending section. The first data sending section sends first type data to the first communication apparatus when the identification information included in the received data request is the stored individual identification information. The second data sending section sends second type data to the first communication apparatus when the identification information included in the received data request is the stored common identification information.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority from Japanese Patent Application No.2008-089612, filed on Mar. 31, 2008, the entire subject matter of whichis incorporated herein by reference.

TECHNICAL FIELD

Aspects of the present invention relate to a system and a communicationapparatus for providing data from an agent device to a manager device.

BACKGROUND

A system for providing data for a manager device from an agent deviceusing SNMPv3 (Simple Network Management Protocol version3) is known (forexample, see the following Patent Reference 1). An engine ID unique toeach of the agent devices is set under the SNMPv3. The manager devicerequests the engine ID from each of the agent devices. Each of the agentdevices sends its own engine ID to the manager device by request. Then,the manager device sends a data request including the engine ID of itsagent device to each of the agent devices. Each of the agent devicessends data (for example, a status or the remaining amount of consumablegoods) had by its own agent device to the manager device on conditionthat the engine ID included in the data request matches with its ownengine ID. The manager device can acquire data of each of the agentdevices. In the SNMPv3, the engine ID set in the individual agent devicecan be used for authentication. As a result of this, security of datacommunication is high.

Patent Document 1: Japanese Patent Publication No. 2006-085643A

However, in this technique, it is necessary to make a response and arequest of individual identification information before target data iscommunicated, and a communication load becomes large. Particularly, whena manager device acquires data had by each of the devices with respectto the agent devices, the communication load becomes larger as thenumber of agent devices is large.

SUMMARY

Exemplary embodiments of the present invention address the abovedisadvantages and other disadvantages not described above. However, thepresent invention is not required to overcome the disadvantagesdescribed above, and thus, an exemplary embodiment of the presentinvention may not overcome any of the problems described above.

It is an aspect of the present invention to provide a system and/or anapparatus which performs authentication by identification informationand which is capable of reducing a communication load.

The above and other aspects of the present invention are accomplished byproviding a data providing system comprising: a first communicationapparatus; and a plurality of second communication apparatuses thatprovide data to the first communication apparatus using a communicationprotocol capable of performing authentication by identificationinformation, wherein the first communication apparatus includes: anidentification information request sending section that sends anidentification information request to at least one of the secondcommunication apparatuses; an individual identification informationreceiving section that receives individual identification informationsent from the at least one of the second communication apparatuses; afirst data request sending section that sends a data request includingthe received individual identification information to the at least oneof the second communication apparatuses; a first common identificationinformation storage section that stores common identificationinformation; a second data request sending section that sends a datarequest including the stored common identification information to the atleast one of the second communication apparatuses; and a data receivingsection that receives data sent from the at least one of the secondcommunication apparatuses, wherein the at least one of the secondcommunication apparatuses includes: an individual identificationinformation storage section that stores the individual identificationinformation; a second common identification information storage sectionthat stores the common identification information; an identificationinformation request receiving section that receives the identificationinformation request sent from the first communication apparatus; anindividual identification information sending section that sends thestored individual identification information to the first communicationapparatus in response to the received identification informationrequest; a data request receiving section that receives the data requestsent from the first communication apparatus; a first data sendingsection that sends first type data to the first communication apparatuswhen the identification information included in the received datarequest is the stored individual identification information; a seconddata sending section that sends second type data to the firstcommunication apparatus when the identification information included inthe received data request is the stored common identificationinformation.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other aspects of the present invention will become moreapparent and more readily appreciated from the following description ofexemplary embodiments of the present invention taken in conjunction withthe attached drawings, in which:

FIG. 1 is a schematic diagram illustrating one example of aconfiguration of a printer network system according to an embodiment ofthe present invention;

FIG. 2 is a schematic diagram illustrating one example of aconfiguration of a management server according to the embodiment;

FIG. 3 is a schematic diagram illustrating one example of aconfiguration of a printer according to the embodiment;

FIG. 4 is a schematic diagram illustrating one example of the contentsof storage of a user table storage area according to the embodiment;

FIG. 5 is a schematic diagram illustrating one example of the contentsof storage of a View table storage area according to the embodiment;

FIG. 6 is a schematic diagram illustrating one example of the contentsof storage of an access information table storage area according to theembodiment;

FIG. 7 is a flowchart of management information acquisition processingof a server according to the embodiment;

FIG. 8 is a flowchart of search packet creation processing according tothe embodiment;

FIG. 9 is the flowchart subsequent to FIG. 8;

FIG. 10 is a schematic diagram illustrating one example of the contentsof a packet according to the embodiment;

FIG. 11 is a schematic diagram illustrating a part of the packet infurther detail;

FIG. 12 is a schematic diagram illustrating a part of the packet infurther detail;

FIG. 13 is a flowchart of request packet receiving processing of aprinter according to the embodiment;

FIG. 14 is the flowchart subsequent to FIG. 13; and

FIG. 15 is the flowchart subsequent to FIG. 14.

DETAILED DESCRIPTION

Here, a part of the technical features described in the followingembodiments is summarized.

(Aspect 1) A data providing system may be, for example, a system capableof using at least Version 3 of SNMP.

(Aspect 2) A first communication apparatus may be a management server.Also, a second communication apparatus may be a printer. A networkincluding the management server and the printer may further include arouter.

(Aspect 3) The following system is also useful. That is, a dataproviding system comprises a first communication apparatus and a secondcommunication apparatus for providing data to the first communicationapparatus. The first communication apparatus includes: a timesynchronization information request sending section that sends a timesynchronization information to the second communication apparatus; anindividual time synchronization information receiving section thatreceives individual time synchronization information sent from thesecond communication apparatus; a first common time synchronizationinformation storage section that stores common time synchronizationinformation; a first data request sending section that sends a datarequest including the received individual time synchronizationinformation to the second communication apparatus; a second data requestsending section that sends a data request including the stored commontime synchronization information to the second communication apparatus;and a data receiving section that receives data sent from the secondcommunication apparatus. The second communication apparatus includes: anindividual time synchronization information storage section that storesthe individual time synchronization information; a second common timesynchronization information storage section that stores the common timesynchronization information; a time synchronization information requestreceiving section that receives the time synchronization informationrequest sent from the first communication apparatus; an individual timesynchronization information sending section that sends the storedindividual time synchronization information to the first communicationapparatus in response to the received time synchronization informationrequest; a data request receiving section that receives the data requestsent form the first communication apparatus; a first data sendingsection that sends the first type data to the first communicationapparatus when the time synchronization information included in thereceived data request corresponds to the stored individual timesynchronization information; and a second data sending section thatsends the second type data to the first communication apparatus when thetime synchronization information included in the received data requestis the stored common time synchronization information.

An embodiment of the present invention will be discussed below withreference to the accompanying drawings:

As shown in FIG. 1, the printer network system 2 comprises a managementserver 10, printers 50, 150, routers 160, 170, etc. In FIG. 1, the twoprinters 50, 150 and routers 160, 170 are only shown, but multipleprinters and routers are actually present. Also, it is not shown in FIG.1, but the routers may be further connected to other printers etc. Inthe printer network system 2, the printers 50, 150 provide data for themanagement server 10 using SNMPv3. Unique engine IDs are allocated tothe respective printers 50, 150 and routers 160, 170.

(Configuration of Management Server)

A configuration of the management server 10 will be described. As shownin FIG. 2, the management server 10 has an operation part 12, a displaypart 14, a network interface 16, a control part 18, a storage part 20,etc.

The operation part 12 has a plurality of keys. A user can input variousinformation to the management server 10 by operating the operation part12. The display part 14 can display various information. The networkinterface 16 is connected to a LAN line 180. The LAN line 180 isconnected to the management server 10, the printers 50, 150 and therouters 160, 170. The management server 10 can communicate with theprinters 50, 150 and the routers 160, 170 through the network interface16 and the LAN line 180. The control part 18 executes various processingaccording to a program stored in the storage part 20. The contents ofthe processing executed by the control part 18 will be described belowin detail.

The storage part 20 is constructed by ROM, EEPROM, RAM, etc. The storagepart 20 has a program storage area 22, an information storage area 24for search, a user input setting storage area 30, other storage area 42,etc. The program storage area 22 stores a program to be executed by themanagement server 10. For example, the program storage area 22 stores aprogram for conducting communication using SNMPv3.

The information storage area 24 for search stores an engine ID 26 forsearch and time synchronization information 28 for search. The engine ID26 for search is an engine ID common to the management server 10, theprinters 50, 150 and the routers 160, 170. In the present example, theengine ID 26 for search is “XXX”. The time synchronization information28 for search is time synchronization information common to themanagement server 10, the printers 50, 150 and the routers 160, 170. Inthe present example, the time synchronization information 28 for searchis “YYY”.

The user input setting storage area 30 has a user name 32, a securitylevel 34, an authentication key 36, an encryption key 38 and a contextname 40. The user input setting storage area 30 stores informationinputted by a user. The user name 32 is a name of a user using themanagement server 10. In the present example, a plurality of users canshare the management server 10. For example, a user of an administratorlevel uses a user name of “Administrator”. Also, for example, a generaluser uses a user name of “User”. Each of the users inputs a user name byoperating the operation part 12 in the case of using the managementserver 10. The inputted user name is stored in the user input settingstorage area 30. The security level 34 indicates the presence or absenceof authentication and the presence or absence of encryption. Theauthentication key 36 and the encryption key 38 are respectively keysnecessary for authentication and encryption of a message. In the presentexample, the authentication key 36 is “AAA” and the encryption key 38 is“BBB”. The context name 40 is information used in SNMPv3 and is used inthe case of setting a View name described below. In the present example,“Printer” is adopted as the context name 40. The other storage area 42can store information other than the information to be stored in theprogram storage area 22, the information storage area 24 for search andthe user input setting storage area 30.

(Configuration of Printer)

Subsequently, a configuration of the printer 50 will be described. Theprinter 150 has a configuration similar to that of the printer 50.Because of this, detailed description of the printer 150 is omitted. Asshown in FIG. 3, the printer 50 has an operation part 52, a display part54, a network interface 56, a control part 58, a printing part 60, acartridge 62, various sensors 64, a storage part 70, etc. The operationpart 52 has a plurality of keys. A user can input various information tothe printer 50 by operating the operation part 52. The display part 54can display various information. The network interface 56 is connectedto the LAN line 180. The network interface 56 is an interface forcommunicating with the management server 10 by the printer 50. Thecontrol part 58 executes various processing according to a programstored in the storage part 70. The contents of the processing executedby the control part 58 will be described below in detail. Varioussensors 64 detect, for example, the remaining amount of toner of thecartridge 62. The printing part 60 does printing using the cartridge 62.

The storage part 70 is constructed by ROM, EEPROM, RAM, etc. The storagepart 70 has a program storage area 72, an information storage area 74for search, an information storage area 80 for communication, a usertable storage area 86, a View table storage area 88, an accessinformation table storage area 90, a management information database 92,other storage area 94, etc. The program storage area 72 stores a programto be executed by the printer 50. For example, the program storage area72 stores a program for conducting communication using SNMPv3, a programfor doing printing, etc.

The information storage area 74 for search stores an engine ID 76 forsearch and time synchronization information 78 for search. The engine ID76 for search is the same (XXX) as the engine ID 26 for search stored inthe management server 10. The time synchronization information 78 forsearch is the same (YYY) as the time synchronization information 28 forsearch stored in the management server 10.

The information storage area 80 for communication stores an engine ID 82and time synchronization information 84. The engine ID 82 is a unique IDallocated to the printer 50. The management server 10 can use the engineID 82 in order to identify the printer 50. In the present example, theengine ID 82 of the printer 50 is “GGG”. The time synchronizationinformation 84 is also information unique to the printer 50. Asdescribed below in detail, the time synchronization information 84includes the number of activations of the printer 50 and elapsed timesince the latest activation start. Therefore, the time synchronizationinformation 84 is updated every time activation of the printer 50 isstarted. Also, the time synchronization information 84 changes withtime. In the present example, the time synchronization information 84 ofthe printer 50 is “HHH”.

The user table storage area 86 stores an encryption key and anauthentication key of each user. As shown in FIG. 4, the user tablestorage area 86 stores a user table 200. The user table 200 includescombination data 210, and combination data 212. In each of thecombination data 210, 212, a user name 220, an authentication key 222and an encryption key 224 are associated. The user name 220 indicates aname of a user. The authentication key 222 is used for authentication ofa received packet. In the present example, in the case of including avalue in which the whole packet is digested using the authentication key36 in a packet from the management server 10, a packet is digested usingthe authentication key 222 corresponding to a user name included in thepacket in the printer 50. Authentication is performed by comparingvalues of two message digests. When the packet is falsified by a thirdparty in a communication process, the values of two message digests donot match. Consequently, it can be found that the packet is falsified.In the present example, the authentication key 222 is “AAA” when theuser name 220 is “Administrator”. Also, the authentication key 222 is“CCC” when the user name 220 is “User”.

The encryption key 224 is used for encryption of a packet. In thepresent example, the encryption key 224 is “BBB” when the user name 220is “Administrator”. Also, the encryption key 224 is “DDD” when the username 220 is “User”. In the management server 10, a packet can beencrypted using the encryption key 38 (BBB). In the printer 50 receivingthis packet, the packet is decoded using the encryption key 224corresponding to a user name included in the packet.

The View table storage area 88 stores a View table 230. As shown in FIG.5, the View table 230 includes combination data 240, combination data242, and combination data 244. In each of the combination data 240, 242,244, a View name 250 and target information 252 are associated. The Viewname 250 will be described below in detail. The target information 252indicates a kind of information permitted to be provided for themanagement server 10. In the present example, the target information 252is “all the management information” when the View name 250 is“Management”. That is, when “Management” is identified as the View nameby processing described below, the printer 50 permits all the owninformation to be provided for the management server 10. When the Viewname 250 is “User”, the target information 252 is “minimum informationnecessary for use of a printer”. When “User” is identified as the Viewname, the printer 50 permits a limited kind of information (for example,a model name, the remaining amount of consumable goods or a status) tobe provided for the management server 10. When the View name 250 is“Discover”, the target information 252 is “minimum information necessaryfor search of a printer”. When “Discover” is identified as the Viewname, the printer 50 permits a more limited kind of information (forexample, a model type, a vendor name or a model name) than the case ofthe View name “User” to be provided for the management server 10. Thatis, in the case of the present example, in order of “Management”, “User”and “Discover” of the View names, the kinds of information which theprinter 50 can be provided for the management server 10 are limited anda security level of information capable of being provided also becomeslower. In other words, when the View name 250 is “Discover”, the printer50 provides only information with low security.

The access information table storage area 90 stores an accessinformation table 260. As shown in FIG. 6, the access information table260 includes combination data 270, combination data 272, combinationdata 274, combination data 276, and combination data 278. In each of thecombination data 270, 272, 274, 276, 278, a context name 280, a username 282, a security level 284, a View type 286 and a View name 288 areassociated. The context name 280 has the same meaning as the contextname 40 described above and is used in SNMPv3. The user name 282indicates a name of a user. The security level 284 is information aboutthe presence or absence of encryption and authentication of a packet.The View type 286 is information for identifying a change in a settingvalue and provision of data. When the View type 286 is “READ”, it meansdata provision. When the View type 286 is “WRITE”, it means a change ina setting value. The View name 288 corresponds to the View name 250 ofthe View table 230 described above. As described below in detail, theprinter 50 identifies the View name 288 from the information 280 to 286of the combination data 270.

The management information database 92 stores various information aboutthe printer 50. The management information database 92 stores a status(for example, the remaining amount of consumable goods) detected by, forexample, a model type, a vendor name, a model name or the sensors 64.The other storage area 94 can store information other than theinformation to be stored in each of the program storage areas 72, 74,80, 86, 88, 90, 92 described above.

(Management Information Acquisition Processing of Server)

The contents of management information acquisition processing of aserver executed by the control part 18 of the management server 10 willbe described. As shown in FIG. 7, the control part 18 performs searchpacket creation processing (S10). The contents of a packet will be firstdescribed before description of this search packet creation processing.

The packet 300 includes information (for example, PDU, timesynchronization information or an engine ID of the printer 50) necessaryfor communication between the management server 10 and the printer 50.As shown in FIG. 10, the packet.300 is constructed of Version 302,Header 304, Security Parameters 320 and Scoped PDU 340. The Version 302is information indicating a version of SNMP and is SNMPv3 (version 3) inthe present example. Next, the contents of the Header 304 will bedescribed. The Header 304 is constructed of msgID 306, msgMaxSize 308,msgFlags 310 and msgSecuritymodel 312. The control part 18 can create aunique ID every packet by incrementing the number of packetcommunications. The ID created in this manner is stored in the msgID306. The msgMaxSize 308 includes information about a data size of thepacket 300. The msgFlags 310 includes information about the presence orabsence of encryption and the presence or absence of authentication. ThemsgSecuritymodel 312 is an area in which information used in the case ofextending a protocol is stored.

Then, the contents of the Security Parameters 320 will be described. Asshown in FIG. 11, the Security Parameters 320 is constructed of variousitems 322, 324, 326, 332, 334, 336.

An engine ID is stored in msgAuthoritativeEngineID 322. Informationabout the number of activations of an agent device (for example, theprinter 50 in the present example) is stored inmsgAuthoritativeEngineBoots 324. Elapsed time since the latestactivation start of the agent device is stored inmsgAuthoritativeEngineTime 326. That is, information 330 in which themsgAuthoritativeEngineBoots 324 and the msgAuthoritativeEngineTime 326are combined is time synchronization information. A user name is storedin msgUserName 332. The control part 18 can create a message digest bydigesting the whole packet using the authentication key 36. This messagedigest is stored in msgAuthentificationParameters 334. Informationnecessary to decode the encrypted information is stored inmsgPrivacyParameters 336.

Then, the contents of the Scoped PDU 340 shown in FIG. 10 will bedescribed. As shown in FIG. 10, the Scoped PDU 340 is constructed ofcontextEngineID 342, contextName 344 and PDU 346. An engine ID is storedin the contextEngineID 342. The same engine ID as that of themsgAuthoritativeEngineID 322 (see FIG. 11) is stored in this item 342. Acontext name is stored in the contextName 344.

As shown in FIG. 12, the PDU 346 is constructed of Header 350, a Viewtype 362, OID 364 and Value 366. Either READ or WRITE is stored in theView type 362. Information (for example, an identifier of data) foridentifying a kind of requested data is stored in the OID 364. When“WRITE” is set in the View type 362, a setting value is stored in theValue 366.

Next, the contents of the search packet creation processing will bedescribed with reference to FIGS. 8 and 9. In the present example, thefollowing description is continued assuming that the management server10 requests acquisition (READ) of information from the printer 50. Asshown in FIG. 8, in S50, the control part 18 sets “READ” in the Viewtype 362 (see FIG. 12) of the PDU 346 of the packet 300. Then, thecontrol part 18 sets an identifier (for example, a model type) ofinformation necessary to identify a printer from among a device group (aprinter and a router) present in a network in the OID 364 (see FIG. 12)of the PDU 346 of the packet 300 (S52). Then, the control part 18 sets acontext name (for example, “Printer” in the example of FIG. 2) in thecontextName 344 (see FIG. 10) of the packet 300 (S54). The control part18 performs the processing of S54 by reading out the contents of thecontext name 40 (see FIG. 2) of the user input setting storage area 30.

Then, the control part 18 sets the engine ID 26 for search (XXX) in themsgAuthoritativeEngineID 322 (see FIG. 11) and the contextEngineID 342(see FIG. 10) of the packet 300 (S56). Then, the control part 18 setsthe time synchronization information 28 for search (YYY) in the timesynchronization information 330 (see FIG. 11) of the packet 300 (S58).

Then, the control part 18 sets information excluding the msgUserName 332in other items of the packet 300 in S60. That is, the control part 18writes information into all the items capable of setting at the presenttime. For example, the control part 18 writes the security level 34 (seeFIG. 2) stored in the user input setting storage area 30 into themsgFlags 310 (see FIG. 10). Also, the control part 18 writes informationinto the items 304, 346, etc. Then, the control part 18 decides whetheror not the security level 34 stored in the user input setting storagearea 30 is set in the “presence of authentication” (S62). In the case ofYES in S62, the flowchart proceeds to S80 of FIG. 9. On the other hand,in the case of NO in S62, the search packet creation processing isended.

As shown in FIG. 9, in S80, the control part 18 sets the user name 32stored in the user input setting storage area 30 in the msgUserName 332(see FIG. 11) of the packet 300. For example, the control part 18 sets auser name “Administrator” in the msgUserName 332. Then, the control part18 decides whether or not the security level 34 stored in the user inputsetting storage area 30 is set in the “presence of encryption” (S82). Inthe case of NO herein, the flowchart skips S84 and proceeds to S86. Onthe other hand, in the case of YES in S82, the control part 18 encryptsthe Scoped PDU 340 (see FIG. 10) of the packet 300 using the engine ID26 for search (XXX) stored in the information storage area 24 for searchand the encryption key 38 (BBB) stored in the user input setting storagearea 30 (S84). When S84 is ended, the flowchart proceeds to S86.

In S86, the control part 18 creates a message digest by digesting(hashing) the whole packet 300 using the authentication key 36 (AAA)stored in the user input setting storage area 30. In the case of thisdigesting, zero is set in the msgAuthentification Parameters 334 (seeFIG. 11). Then, the control part 18 sets a value of the message digestcreated in S86 in the msgAuthentification Parameters 334 of the packet300 (S88). When S88 is ended, the search packet creation processing isended. In this case, the flowchart proceeds to S12 of FIG. 7.

As shown in FIG. 7, in S12, the control part 18 broadcasts a searchpacket created in S10. As a result of this, the search packet is sent toall the printers and routers connected through the LAN line 180.Subsequently, the control part 18 decides whether or not a response tothe search packet sent in S12 is received (S14). In the case of NOherein, the flowchart proceeds to S32. On the other hand, in the case ofYES in S14, the flowchart proceeds to S16.

In S16, the control part 18 identifies information used indiscrimination of a management target from the contents of the responsereceived in S14. The control part 18 discriminates the management targetby, for example, a model type. That is, in the present example, as aresult of broadcasting the search packet in S12, a response includinginformation about the model type is sent from each of the devices(printers 50, 150 and routers 160, 170). The control part 18 identifies(reads) information about the model type included in the response.

Then, the control part 18 decides whether or not a sending source of theresponse is the management target (that is, a printer) (S18). In thecase of NO herein, the flowchart proceeds to S32. On the other hand, inthe case of YES in S18, the control part 18 requests an engine ID fromthe sending source (for example, the printer 50) of the response byunicast (S20). In addition, in the present example, the followingdescription is continued assuming that the sending source of theresponse is the printer 50. When the request of S20 is sent, the printer50 sends an individual engine ID (GGG) set in its own printer to themanagement server 10. The management server 10 receives the engine ID(GGG) of the printer 50 (S22). Subsequently, the control part 18requests time synchronization information from the printer 50 by unicast(S24). This request includes the engine ID received in S22. The printer50 sends its own time synchronization information 84 (HHH) to themanagement server 10 on condition that the engine ID included in a datarequest sent from the management server 10 in S24 matches with its ownengine ID 82 (GGG). The management server 10 receives the timesynchronization information 84 (HHH) about the printer 50 (S26).

Subsequently, the control part 18 requests management information (forexample, a status) about the printer 50 by unicast (S28). This requestpacket is created by a technique similar to the search packet creationprocessing (FIGS. 8 and 9) of SI 0. However, the search packet creationprocessing in S28 differs from the search packet creation processing ofS10 in that the engine ID received in S22 and the time synchronizationinformation received in S26 are used. Also, a packet for requesting amodel type is created in the search packet creation processing of S10.On the other hand, a packet for requesting information (for example, astatus) of a kind preset by a user is created in the search packetcreation processing in S28. The printer 50 sends a response includingthe management information (for example, a status) by executing theprocessing described below based on the packet sent from the managementserver 10 in S28. The management server 10 receives the managementinformation (S30). When S30 is ended, the flowchart proceeds to S32.

In S32, the control part 18 decides whether or not a predetermined timehas elapsed since the search packet was broadcast in S12. In the case ofNO herein, the flowchart returns to S14. On the other hand, in the caseof YES in S32, the control part 18 displays the management information(management information about each device of a management target)received in S30 on the display part 14 (S34). Consequently, a user canacquire desired management information (for example, a status of eachdevice targeted for management).

(Request Packet Receiving Processing of Printer)

Subsequently, the contents of request packet receiving processingexecuted by a printer will be described. In the present example, thefollowing description is continued assuming that the printer 50 receivesa data request from the management server 10. In addition, the printer150 executes similar processing and also the routers 160, 170 executesimilar processing. As shown in FIG. 13, the control part 58 of theprinter 50 decides whether or not a data request from the managementserver 10 is a request of an engine ID (S100). In the case of YESherein, the control part 58 sends a response including its own engine ID82 (GGG) to the management server 10 (S102).

In the case of NO in S100, the control part 58 decides whether or notthe data request from the management server 10 is a request of timesynchronization information (S104). In addition, the engine ID 82 (GGG)of the printer 50 is included in this data request. In the case of YESin S104, the control part 58 sends a response including its own timesynchronization information 84 (HHH) to the management server 10 oncondition that the engine ID included in the received data requestmatches with its own engine ID 82 (S106).

On the other hand, in the case of NO in S104, the control part 58decides whether or not time synchronization information included in thereceived data request is within a predetermined time from its own timesynchronization information 84 (S108). The control part 58 makes thedecision of S108 by reading out the time synchronization information 84stored in the information storage area 80 for communication. That is,the printer 50 performs authentication by its own time synchronizationinformation 84. In the case of YES herein, the flowchart proceeds toS130 of FIG. 14. On the other hand, in the case of NO in S108, thecontrol part 58 decides whether or not the time synchronizationinformation included in the data request is the time synchronizationinformation 78 for search (XXX) (S110). The control part 58 makes thedecision of S110 by reading out the engine ID 76 for search stored inthe information storage area 74 for search.

In the case of YES in S110, the control part 58 decides whether or notthe engine ID included in the received data request is an engine ID forsearch (YYY) (S112). The control part 58 makes the decision of S112 byreading out the time synchronization information 78 for search stored inthe information storage area 74 for search. In the case of YES in S112,the flowchart proceeds to S130 of FIG. 14.

In the case of NO in S110 or S112, the control part 58 creates aresponse indicating inaccessibility (S114). Subsequently, the controlpart 58 sends the response created in S114 to the management server 10(S116). In this case, the management server 10 cannot acquire managementinformation from the printer 50.

As shown in FIG. 14, in S130, the control part 58 decides the presenceor absence of authentication by reading out a security level (msgFlags310 (see FIG. 10)) included in the received data request (for example,the packet 300) (S130). In the case of the absence of authentication (NOin S130), the flowchart proceeds to S170 of FIG. 15. On the other hand,in the case of the presence of authentication (YES in S130), the controlpart 58 decides whether or not a user name (msgUserName 332 (see FIG.11)) included in the received request packet is included in the usertable 200 stored in the user table storage area 86 (S132). In the caseof NO in S132, the flowchart proceeds to S114 of FIG. 13 and the controlpart 58 creates the response indicating inaccessibility.

On the other hand, in the case of YES in S132, the control part 58digests the data request (the whole packet 300) (S134). First, thecontrol part 58 reads the authentication key 222 corresponding to a username included in the data request out of the user table 200. Using thisauthentication key, the control part 58 digests a request packet andcreates a message digest. For example, when the user name included inthe data request is “Administrator”, digesting is performed using anauthentication key “AAA”. In addition, in the case of executing thisprocessing, the msgAuthentificationParameters 334 (see FIG. 11) includedin the data request is set at zero.

The control part 58 decides whether or not a value written into themsgAuthentificationParameters 334 of the data request matches with avalue obtained in S134 (S136). In the case of NO in S136, the flowchartproceeds to S114 and the control part 58 creates the response indicatinginaccessibility. That is, the fact that the value of the message digestdiffers has a possibility of, for example, falsifying data by a thirdparty in a communication process, so that the control part 58 rejectsaccess.

In the case of YES in S136, the control part 58 decides the presence orabsence of encryption by reading out a security level (msgFlags 310 (seeFIG. 10)) included in the data request (S138). In the case of theabsence of encryption (NO in S138), the flowchart proceeds to S170 ofFIG. 15. On the other hand, in the case of the presence of encryption(YES in S138), the control part 58 decides whether or not an engine ID(msgAuthoritativeEngineID 322 (see FIG. 11)) included in the datarequest is the engine ID 76 for search (XXX) (S140). In the case of NOherein, the flowchart proceeds to S148.

On the other hand, in the case of YES in S140, the control part 58decodes the Scoped PDU 340 (see FIG. 10) included in the data requestusing the engine ID 76 for search and the encryption key 224corresponding to a user name included in the data request (S142). First,the control part 58 reads the encryption key 224 corresponding to theuser name included in the data request out of the user table 200. Forexample, when the user name included in the data request is“Administrator”, an encryption key “BBB” is read out. In this case, theScoped PDU 340 is decoded using the encryption key “BBB” and the engineID for search (XXX). Next, the control part 58 decides whether or not tosucceed in decoding in S142 (S144). In the case of NO herein, theflowchart proceeds to S114 and the control part 58 creates the responseindicating inaccessibility.

On the other hand, in the case of YES in S144, the control part 58changes a context name (contextName 344 (see FIG. 10)) included in thedata request (S146). That is, the control part 58 changes the contextname (for example, Printer) included in the data request into“Discover”. When S146 is ended, the flowchart proceeds to S170 of FIG.15.

In the case of NO in S140, the control part 58 decodes the Scoped PDU340 using its own engine ID 82 (GGG) and the encryption key 224corresponding to a user name included in the data request (S148). Forexample, when the user name included in the data request is“Administrator”, the Scoped PDU 340 is decoded using an encryption key(BBB) and an engine ID (GGG). That is, the control part 58 decodes theScoped PDU using its own engine ID 82 when the engine ID included in thedata request is not the engine ID 76 for search.

Then, the control part 58 decides whether or not to succeed in decodingof the Scoped PDU 340 in S148 (S150). In the case of NO herein, theflowchart proceeds to S114 and the control part 58 creates the responseindicating inaccessibility. On the other hand, in the case of YES inS150, the flowchart proceeds to S170 of FIG. 15.

As shown in FIG. 15, in S170, the control part 58 identifies a Viewname. First, the control part 58 reads out the msgFlags 310 (see FIG.10), the MsgUserName 332 (see FIG. 11), the View type 362 (see FIG. 12)and the contextName 344 (see FIG. 10) included in the data request.Next, the control part 58 identifies the View names 288 corresponding tothese information from the access information table 260 (see FIG. 6). Inaddition, “READ” of the access information table 260 corresponds to“GET” and “WRITE” corresponds to “SET”. For example, the control part 58identifies “Menagement” as a View name when a context name is “Printer”and a user name is “Administrator” and a security level is “the presenceof authentication/the presence of encryption” and a View type is “READ(that is, GET)”.

When S170 is ended, the control part 58 decides whether or notmanagement information (management information requested by a user)corresponding to the OID 364 (see FIG. 12) included in the data requestis included in the target information 252 corresponding to the View name288 identified in S170 (S172). The control part 58 reads out thecontents of storage of the View table 230 (see FIG. 5) and makes thedecision of S172. For example, status information shall be identified inthe OID. For example, when “User” is identified as the View name in S170herein, it becomes YES in S172 since the target information 252corresponding to “User” includes the status information. On the otherhand, for example, when “Discover” is identified as the View name inS170, it becomes NO in S172 since the target information 252corresponding to “Discover” does not include the status information.

In addition, the control part 58 changes a context name into “Discover”in S146 of FIG. 14 when authentication is performed using the engine ID76 for search and the time synchronization information 78 for search.Also, when the context name 280 is “Discover” in the access informationtable 260, the View name 288 becomes “Discover” regardless of otherconditions such as a user name. As a result of this, the View name 288always becomes “Discover” when authentication is performed using theengine ID 76 for search and the time synchronization information 78 forsearch. Therefore, regardless of a request of a user of the managementserver 10, information provided for the management server 10 is limitedto the minimum information necessary for search of the printer.

Then, the control part 58 decides whether or not management informationcorresponding to the OID 364 (see FIG. 12) included in the request datais present in the management information database 92 (S174). In the caseof NO in S174, the flowchart proceeds to S114 and the control part 58creates the response indicating inaccessibility. On the other hand, inthe case of YES in S174, the flowchart proceeds to S176.

The control part 58 decides whether the View type 362 (see FIG. 12)included in the data request is either SET (WRITE; change in a settingvalue) or GET (READ; provision of data) in S176. When the View type isGET herein, the control part 58 creates a response including managementinformation corresponding to the OID 364 (see FIG. 12) included in thedata request (S178). The control part 58 performs the processing of S178by reading out the contents of storage of the management informationdatabase 92. When S178 is ended, the flowchart proceeds to S116 of FIG.13 and the response is sent to the management server 10.

On the other hand, in the case of NO in S176, that is, when the contentsincluded in the View type 362 are SET, the control part 58 changes itsown setting value corresponding to the OID 364 included in the datarequest into a value written in the Value 366 (see FIG. 12) (S180).Then, the control part 58 creates a response indicating success in thechange in the setting value in S180 (S182). When S182 is ended, theflowchart proceeds to S116 of FIG. 13 and the response is sent to themanagement server 10.

In the system 2 of the present example, data on a model type can becommunicated without making a response and a request of a unique engineID set in an individual device by storing the same engine ID for search(XXX) and time synchronization information for search (YYY) in each ofthe devices 10, 50, 150, 160, 170. Data with a low security level can becommunicated by a technique with a low communication load. On the otherhand, desired data (for example, status information) can also becommunicated after a response and a request of a unique engine ID set inan individual device are made. Data with a high security level can alsobe communicated using a technique with a high security level used innormal SNMPv3. It seems simple that a technique for sending data with ahigh security level after authentication is performed using a datarequest including an engine ID and a technique for sending data with alow security level according to a predetermined data request withoutincluding an engine ID could be made concurrent. However, there is asituation difficult to adopt the latter technique. For example, in thecase of constructing a data providing system using SNMPv3, the formertechnique is implemented by SNMPv3 while the latter technique isimplemented by SNMPv1. There is a desire to set each of the devices sothat communication cannot be conducted by SNMPv1 in order to increasesecurity of data communication. It is difficult to make the formertechnique and the latter technique concurrent in the case ofconstructing such a system. The system 2 of the present example canimplement both of communication of data with a high security level usinga technique with a high security level and communication of data with alow security level by a technique with a low communication load in aframework of SNMPv3 without using SNMPv1 or SNMPv2.

The management server 10 can identify a device targeted for managementby sending a data request including an engine ID for search and timesynchronization information for search by broadcast and receiving aresponse to this. Hence, a communication load can be reduced. When theprinter 50 receives the data request including the engine ID for searchand the time synchronization information for search, a context name ischanged and data (data with a low security level) corresponding to thecontext name after the change is sent. Further, even when the printer 50receives a data request of management information (data with a highsecurity level) from the management server 10 by the engine ID forsearch and the time synchronization information for search, the contextname is changed, so that the requested management information cannot besent as a response. That is, notification that access to the requestedmanagement information is not permitted is sent to the management server10. Hence, data communication can be conducted while ensuring a securitylevel.

The concrete example of the invention has been described above indetail, but these are only illustrative and the claims are not limited.Various modifications and changes in the concrete example illustratedabove are included in the technique described in the claims. A modifiedexample of the example described above is shown below.

For example, the information displayed on the display part 14 in S34 ofFIG. 7 may be information (for example, a device name and a model nameof a printer targeted for management) with a low security level amongmanagement information. When the management information is requestedusing an engine ID for search, the printer 50 etc. could send theinformation with the low security level described above by request. Byusing the engine ID for search, all the information to be displayed onthe display part 14 can be acquired without requesting an engine ID froma printer individually. The management server 10 creates and displays adevice list of devices (printers 50, 150) targeted for management basedon information acquired from each of the devices. On the other hand, forexample, when a user operates the operation part 12 from the displayeddevice list and thereby a predetermined device is specified, it may beconstructed so as to execute processing for acquiring information with ahigh security level with respect to its specified device. The managementserver 10 can acquire information (information necessary to be displayedon the display part 14) with low security using the engine ID for searchfrom a plurality of devices targeted for management. Also, informationwith high security can be acquired from only the specified device. Sincemanagement information is not acquired from the device which is notspecified, a communication load for acquiring the management informationcan be reduced. Further, the communication load is reduced and thereby,the information displayed on the display part 14 can also be acquiredspeedily. Also, when the engine ID for search is broadcast, retrieval ofa device targeted for management and acquisition of data with a lowsecurity level can be performed together and the communication load canbe reduced further.

Also, the technical element described in the drawings or the presentspecification exercises technical usefulness by various combinations orsingly, and is not limited to combination described in the claims at thetime of application. Also, the technique illustrated in the drawings orthe present specification simultaneously achieves a plurality ofpurposes, and has technical usefulness by achieving one of the purposes.

The present invention can be implemented in illustrative non-limitingaspects as follows:

In a first aspect, there is provided a data providing system comprising:a first communication apparatus (for example, a manager device); and aplurality of second communication apparatuses (for example, agentdevices) that provide data to the first communication apparatus using acommunication protocol (for example, SNMPv3) capable of performingauthentication by identification information, wherein the firstcommunication apparatus includes: an identification information requestsending section that sends an identification information request to atleast one of the second communication apparatuses; an individualidentification information receiving section that receives individualidentification information sent from the at least one of the secondcommunication apparatuses; a first data request sending section thatsends a data request including the received individual identificationinformation to the at least one of the second communication apparatuses;a first common identification information storage section that storescommon identification information (common identification informationbetween the first communication apparatus and the second communicationapparatuses); a second data request sending section that sends a datarequest including the stored common identification information to the atleast one of the second communication apparatuses; and a data receivingsection that receives data sent from the at least one of the secondcommunication apparatuses, wherein the at least one of the secondcommunication apparatuses includes: an individual identificationinformation storage section that stores the individual identificationinformation; a second common identification information storage sectionthat stores the common identification information; an identificationinformation request receiving section that receives the identificationinformation request sent from the first communication apparatus; anindividual identification information sending section that sends thestored individual identification information to the first communicationapparatus in response to the received identification informationrequest; a data request receiving section that receives the data requestsent from the first communication apparatus; a first data sendingsection that sends first type data to the first communication apparatuswhen the identification information included in the received datarequest is the stored individual identification information; a seconddata sending section that sends second type data to the firstcommunication apparatus when the identification information included inthe received data request is the stored common identificationinformation. For example, data in the second type data is more limitedthan data in the first type data. In addition, the term “when” describedabove does not exclude addition of other conditions (AND condition, ORcondition). This similarly applies to the case of using the term “oncondition” in the above description.

There are various data required by a data receiving device (the managerdevice in the example described above). While data of a type to becommunicated by a method with high security is present, it is expectedthat data of a type without high security will also be present.Therefore, it is possible to reduce a communication load as a whole bycommunicating data of the former type by a method with high security andcommunicating data of the latter type without a high security levelusing a method with a small communication load.

According to the system described above, the at least one of the secondcommunication apparatuses can send data to the first communicationapparatus using any of individual identification information and commonidentification information in authentication. Here, the term“authentication” should be most broadly construed and is a conceptincluding various authentication methods. Several authentication methodsare illustrated. For example, the at least one of the secondcommunication apparatuses may perform authentication by comparingidentification information included in a data request sent from thefirst communication apparatus with the identification information (theindividual identification information or the common identificationinformation) stored in itself. Also, for example, when a data requestfrom the first communication apparatus is encrypted as a key, the secondcommunication apparatus may perform authentication by deciding whetheror not to succeed in decoding the data request using identificationinformation stored in itself as the key. Also, for example, when a firstvalue in which the whole data request is summarized (digested) isincluded in a data request including identification information, the atleast one of the second communication apparatuses may performauthentication by summarizing the data request and generating a secondvalue and comparing the first value with the second value.

In the system described above, by storing common identificationinformation in both of the first communication apparatus and the atleast one of the second communication apparatuses, the second type datacan be communicated without making a response and a request ofindividual identification information. On the other hand, the first typedata can also be communicated after making the response and the requestof the individual identification information. A technique forcommunicating data using common identification information inauthentication differs from a technique for communicating data usingindividual identification information in authentication, and it isunnecessary to make a response and a request of individualidentification information before data of an object is communicated. Asa result of this, the former technique has an advantage that acommunication load becomes smaller than that of the latter technique. Inthe case of using this system, data with a low security level can becommunicated using the former technique and data with a high securitylevel can be communicated using the latter technique. Both thetechniques can be implemented in a framework of a protocol (for example,SNMPv3) for sending a data request including identification information.

In addition, authentication may be performed using time synchronizationinformation as well as identification information. For example, in thecase of SNMPv3, authentication can be performed using elapsed time sincean activation start and the number of activations of an agent device. Itis necessary for a manager device to request individual timesynchronization information (elapsed time since an activation start andthe number of activations in the example described above) from the agentdevice before data of an object is communicated. By storing common timesynchronization information in both of the first communication apparatusand the second communication apparatus, data of the object can becommunicated without making a response and a request of individual timesynchronization information. In order to implement this, the followingaspect may be adopted.

In a second aspect, there is provided a data providing system accordingto the first aspect, wherein the first communication apparatus furtherincludes: a time synchronization information request sending sectionthat sends a time synchronization information to the at least one of thesecond communication apparatuses; an individual time synchronizationinformation receiving section that receives individual timesynchronization information sent from the at least one of the secondcommunication apparatuses; and a first common time synchronizationinformation storage section that stores common time synchronizationinformation, wherein the first data request sending section sends a datarequest including the received individual identification information andthe received individual time synchronization information to the at leastone of the second communication apparatuses, wherein the second datarequest sending section sends a data request including the stored commonidentification information and the stored common time synchronizationinformation to the at least one of the second communication apparatuses,wherein the at least one of the second communication apparatuses furtherincludes: an individual time synchronization information storage sectionthat stores the individual time synchronization information; a secondcommon time synchronization information storage section that stores thecommon time synchronization information; and a time synchronizationinformation request receiving section that receives the timesynchronization information request sent from the first communicationapparatus, wherein the individual time synchronization informationsending section sends the stored individual time synchronizationinformation to the first communication apparatus in response to thereceived time synchronization information request, wherein the firstdata sending section sends the first type data to the firstcommunication apparatus when the identification information included inthe received data request is the stored individual identificationinformation and the time synchronization information included in thereceived data request corresponds to the stored individual timesynchronization information, and wherein the second data sending sectionsends the second type data to the first communication apparatus when theidentification information included in the received data request is thestored common identification information and the time synchronizationinformation included in the received data request is the stored commontime synchronization information. Here, the term “correspond to theindividual time synchronization information” described above not onlymeans that time synchronization information included in a data requestmatches with individual time synchronization information stored inindividual time synchronization information storage means but also meansthat time synchronization information included in a data request isincluded within a predetermined time since individual timesynchronization information stored in individual time synchronizationinformation storage means.

According to the configuration described above, the at least one of thesecond communication apparatuses can perform authentication of datacommunication by time synchronization information as well asidentification information. For example, the at least one of the secondcommunication apparatuses can send the first type data (data with a highsecurity level) by performing authentication by both of individualidentification information and individual time synchronizationinformation. Also, the at least one of the second communicationapparatus can send the second type data (data with a low security level)without making a response and a request of individual timesynchronization information by using common time synchronizationinformation in authentication. That is, the second type data can becommunicated by a technique with a small communication load. Both thetechniques can be implemented in a framework of a protocol (for example,SNMPv3) for sending a data request including identification informationand time synchronization information.

For example, a device (device for providing data) targeted formanagement may be previously registered in a manager device, or thedevice targeted for management may be searched by conducting broadcastcommunication.

In a third aspect, there is provided the data providing system accordingto the first aspect or the second aspect, wherein the firstcommunication apparatus further includes an identifying section, whereinthe second data request sending section broadcasts a data requestincluding the common identification information, wherein the datareceiving section receives the second type data sent from the pluralityof the second communication apparatuses in response to the broadcasteddata request, wherein the identifying section identifies one or more ofthe second communication apparatuses each of which sends the second typedata satisfying a predetermined condition based on the received secondtype data sent from the plurality of the second communicationapparatuses, wherein the identification information request sendingsection that unicasts the identification information request to each ofthe identified second communication apparatuses, wherein the first datarequest sending section unicasts a data request including individualidentification information sent from each of the identified secondcommunication apparatuses in response to the identification informationrequest, to each of the identified second communication apparatuses.

According to the configuration described above, the first communicationapparatus can identify a device targeted for management when a datarequest (request of second type data) including common identificationinformation and a response to the data request are made. A load of datacommunication can be reduced.

In a fourth aspect, there is provided the data providing systemaccording to the third aspect, wherein the second type data includesdata on a type of a device (for example, a printer or a router), andwherein the identifying section identifies the one or more of the secondcommunication apparatuses each of which corresponds to a preset type(for example, a printer), based on the received second type data sentfrom the plurality of the second communication apparatuses. According tothis configuration, the first communication apparatus can exclude adevice of other type from a management target by being preset in thefirst communication apparatus so as to identify a device of apredetermined type.

In a fifth aspect, there is provided the data providing system accordingto the first aspect to the fourth aspect, wherein the firstcommunication apparatus further includes a name storage section thatstores a first name, wherein the first data request sending sectionsends a data request including the received individual identificationinformation and the stored first name to the at least one of the secondcommunication apparatuses, wherein the second data request sendingsection sends a data request including the stored common identificationinformation and the stored first name to the at least one of the secondcommunication apparatuses (in other words, the first communicationapparatus sends a data request including the first name and one of theindividual identification information and the common identificationinformation, to the at least one of the second apparatuses), wherein theat least one of the second communication apparatuses further includes aname and data identifying information storage section that associatesand stores each of a plurality of names with each data identifyinginformation (here, the data identifying information is information foridentify data, for example, a type of a device, a model name of thedevice, a vendor name, or a status), wherein the name and dataidentifying information storage section associates and stores the firstname with first data identifying information which identifies the firsttype data, wherein the name and data identifying information storagesection associates and stores a second name with second data identifyinginformation which identifies the second type data, wherein the firstdata sending section and the second data sending section send data atype of which is identified by the stored data identifying informationassociated with the name included in the received data request, to thefirst communication apparatus, and wherein the at least one of thesecond apparatuses further includes a name changing section that changesthe first name included in the data request to the second name when theidentification information included in the received data request is thestored common identification information. That is, for example, the atleast one of the second communication apparatuses may permit the firsttype data to be sent to the first communication apparatus when the firstname is included in the data request and may send the second type datato the first communication apparatus when the second name is included inthe data request. For example, the first communication apparatus sends adata request including the first name and the common identificationinformation. In this case, the at least one of the second communicationapparatuses changes the first name included in the data request into thesecond name. As a result of this, the at least one of the secondcommunication apparatuses sends second type data corresponding to thesecond name to the first communication apparatus. According to thisconfiguration, the at least one of the second communication apparatusescan inhibit first type data from being sent according to the datarequest including the common identification information. That is, thefirst type data with a high security level can be inhibited from beingsent to the data request including the common identification informationto be used for requesting data with a low security level.

In a sixth aspect, a single body of a second communication apparatus forconstructing the system described above is provided as a novel device.This novel communication apparatus includes an individual identificationinformation storage section, a first common identification informationstorage section, an identification information request receivingsection, an individual identification information sending section, adata request receiving section, a first data sending section and asecond data sending section described above. The system described abovecan be constructed using this communication apparatus.

While the present invention has been shown and described with referenceto certain exemplary embodiments thereof, it will be understood by thoseskilled in the art that various changes in form and details may be madetherein without departing from the spirit and scope of the invention asdefined by the appended claims.

1. A data providing system comprising: a first communication apparatus;and a plurality of second communication apparatuses that provide data tothe first communication apparatus using a communication protocol capableof performing authentication by identification information, wherein thefirst communication apparatus includes: an identification informationrequest sending section that sends an identification information requestto at least one of the second communication apparatuses; an individualidentification information receiving section that receives individualidentification information sent from the at least one of the secondcommunication apparatuses; a first data request sending section thatsends a data request including the received individual identificationinformation to the at least one of the second communication apparatuses;a first common identification information storage section that storescommon identification information; a second data request sending sectionthat sends a data request including the stored common identificationinformation to the at least one of the second communication apparatuses;and a data receiving section that receives data sent from the at leastone of the second communication apparatuses, wherein the at least one ofthe second communication apparatuses includes: an individualidentification information storage section that stores the individualidentification information; a second common identification informationstorage section that stores the common identification information; anidentification information request receiving section that receives theidentification information request sent from the first communicationapparatus; an individual identification information sending section thatsends the stored individual identification information to the firstcommunication apparatus in response to the received identificationinformation request; a data request receiving section that receives thedata request sent from the first communication apparatus; a first datasending section that sends first type data to the first communicationapparatus when the identification information included in the receiveddata request is the stored individual identification information; asecond data sending section that sends second type data to the firstcommunication apparatus when the identification information included inthe received data request is the stored common identificationinformation.
 2. The data providing system according to claim 1, whereinthe first communication apparatus further includes: a timesynchronization information request sending section that sends a timesynchronization information to the at least one of the secondcommunication apparatuses; an individual time synchronizationinformation receiving section that receives individual timesynchronization information sent from the at least one of the secondcommunication apparatuses; and a first common time synchronizationinformation storage section that stores common time synchronizationinformation, wherein the first data request sending section sends a datarequest including the received individual identification information andthe received individual time synchronization information to the at leastone of the second communication apparatuses, wherein the second datarequest sending section sends a data request including the stored commonidentification information and the stored common time synchronizationinformation to the at least one of the second communication apparatuses,wherein the at least one of the second communication apparatuses furtherincludes: an individual time synchronization information storage sectionthat stores the individual time synchronization information; a secondcommon time synchronization information storage section that stores thecommon time synchronization information; and a time synchronizationinformation request receiving section that receives the timesynchronization information request sent from the first communicationapparatus, wherein the individual time synchronization informationsending section sends the stored individual time synchronizationinformation to the first communication apparatus in response to thereceived time synchronization information request, wherein the firstdata sending section sends the first type data to the firstcommunication apparatus when the identification information included inthe received data request is the stored individual identificationinformation and the time synchronization information included in thereceived data request corresponds to the stored individual timesynchronization information, and wherein the second data sending sectionsends the second type data to the first communication apparatus when theidentification information included in the received data request is thestored common identification information and the time synchronizationinformation included in the received data request is the stored commontime synchronization information.
 3. The data providing system accordingto claim 1, wherein the first communication apparatus further includesan identifying section, wherein the second data request sending sectionbroadcasts a data request including the common identificationinformation, wherein the data receiving section receives the second typedata sent from the plurality of the second communication apparatuses inresponse to the broadcasted data request, wherein the identifyingsection identifies one or more of the second communication apparatuseseach of which sends the second type data satisfying a predeterminedcondition based on the received second type data sent from the pluralityof the second communication apparatuses, wherein the identificationinformation request sending section that unicasts the identificationinformation request to each of the identified second communicationapparatuses, wherein the first data request sending section unicasts adata request including individual identification information sent fromeach of the identified second communication apparatuses in response tothe identification information request, to each of the identified secondcommunication apparatuses.
 4. The data providing system according toclaim 3, wherein the second type data includes data on a type of adevice, and wherein the identifying section identifies the one or moreof the second communication apparatuses each of which corresponds to apreset type, based on the received second type data sent from theplurality of the second communication apparatuses.
 5. The data providingsystem according to claim 1, wherein the first communication apparatusfurther includes a name storage section that stores a first name,wherein the first data request sending section sends a data requestincluding the received individual identification information and thestored first name to the at least one of the second communicationapparatuses, wherein the second data request sending section sends adata request including the stored common identification information andthe stored first name to the at least one of the second communicationapparatuses, wherein the at least one of the second communicationapparatuses further includes a name and data identifying informationstorage section that associates and stores each of a plurality of nameswith each data identifying information, wherein the name and dataidentifying information storage section associates and stores the firstname with first data identifying information which identifies the firsttype data, wherein the name and data identifying information storagesection associates and stores a second name with second data identifyinginformation which identifies the second type data, wherein the firstdata sending section and the second data sending section send data atype of which is identified by the stored data identifying informationassociated with the name included in the received data request, to thefirst communication apparatus, and wherein the at least one of thesecond apparatuses further includes a name changing section that changesthe first name included in the data request to the second name when theidentification information included in the received data request is thestored common identification information.
 6. A communication apparatusthat provides data to another communication apparatus using acommunication protocol capable of performing authentication byidentification information, the communication apparatus comprising: anindividual identification information storage section that storesindividual identification information; a common identificationinformation storage section that stores common identificationinformation; an identification information request receiving sectionthat receives an identification information request sent from theanother communication apparatus; an individual identificationinformation sending section that sends the stored individualidentification information to the another communication apparatus inresponse to the received identification information request; a datarequest receiving section that receives a data request sent from theanother communication apparatus; a first data sending section that sendsfirst type data to the another communication apparatus when theidentification information included in the received data request is thestored individual identification information; and a second data sendingsection that sends second type data to the another communicationapparatus when the identification information included in the receiveddata request is the stored common identification information.
 7. Thecommunication apparatus according to claim 6, further comprising: anindividual time synchronization information storage section that storesindividual time synchronization information; a second common timesynchronization information storage section that stores common timesynchronization information; and a time synchronization informationrequest receiving section that receives a time synchronizationinformation request sent from the another communication apparatus;wherein the individual time synchronization information sending sectionsends the stored individual time synchronization information to theanother communication apparatus in response to the received timesynchronization information request, wherein the first data sendingsection sends the first type data to the another communication apparatuswhen the identification information included in the received datarequest is the stored individual identification information and the timesynchronization information included in the received data requestcorresponds to the stored individual time synchronization information,and wherein the second data sending section sends the second type datato the another communication apparatus when the identificationinformation included in the received data request is the stored commonidentification information and the time synchronization informationincluded in the received data request is the stored common timesynchronization information.
 8. The communication apparatus according toclaim 6, wherein the second data sending section sends the second typedata to the another communication apparatus in response to a first datarequest including the common identification information, the first datarequest broadcasted from the another communication apparatus, andwherein the first data sending section sends the first data to theanother communication apparatus in response to a second data requestincluding individual identification information, the second data requestunicasted from the another communication apparatus if the sent secondtype data satisfies a predetermined condition.
 9. The communicationapparatus according to claim 8, wherein the second type data includesdata on a type of a device, and wherein the second data request isunicasted from the another communication apparatus if the communicationapparatus corresponds to a preset type.
 10. The communication apparatusaccording to claim 6, further comprising: a name and data identifyinginformation storage section that associates and stores each of aplurality of names with each data identifying information; and a namechanging section, wherein the name and data identifying informationstorage section associates and stores a first name with first dataidentifying information which identifies the first type data, whereinthe name and data identifying information storage section associates andstores a second name with second data identifying information whichidentifies the second type data, wherein the first data sending sectionand the second data sending section send data a type of which isidentified by the stored data identifying information associated with aname included in a data request sent from the another communicationapparatus, to the another communication apparatus, and wherein the namechanging section changes the first name included in the data request tothe second name when the identification information included in the datarequest is the stored common identification information.